[PM-17562] API For Organization Integrations/Configurations, Refactored Distributed Events, Slack Integration (#5654)

* [PM-17562] Slack Event Investigation * Refactored Slack and Webhook integrations to pull configurations dynamically from a new Repository * Added new TemplateProcessor and added/updated unit tests * SlackService improvements, testing, integration configurations * Refactor SlackService to use a dedicated model to parse responses * Refactored SlackOAuthController to use SlackService as an injected dependency; added tests for SlackService * Remove unnecessary methods from the IOrganizationIntegrationConfigurationRepository * Moved Slack OAuth to take into account the Organization it's being stored for. Added methods to store the top level integration for Slack * Organization integrations and configuration database schemas * Format EF files * Initial buildout of basic repositories * [PM-17562] Add Dapper Repositories For Organization Integrations and Configurations * Update Slack and Webhook handlers to use new Repositories * Update SlackOAuth tests to new signatures * Added EF Repositories * Update handlers to use latest repositories * [PM-17562] Add Dapper and EF Repositories For Ogranization Integrations and Configurations * Updated with changes from PR comments * Adjusted Handlers to new repository method names; updated tests to naming convention * Adjust URL structure; add delete for Slack, add tests * Added Webhook Integration Controller * Add tests for WebhookIntegrationController * Added Create/Delete for OrganizationIntegrationConfigurations * Prepend ConnectionTypes into IntegrationType so we don't run into issues later * Added Update to OrganizationIntegrationConfigurtionController * Moved Webhook-specific integration code to being a generic controller for everything but Slack * Removed delete from SlackController - Deletes should happen through the normal Integration controller * Fixed SlackController, reworked OIC Controller to use ids from URL and update the returned object * Added parse/type checking for integration and integration configuration JSONs, Cleaned up GlobalSettings to remove old values * Cleanup and fixes for Azure Service Bus support * Clean up naming on TemplateProcessorTests * Address SonarQube warnings/suggestions * Expanded test coverage; Cleaned up tests * Respond to PR Feedback * Rename TemplateProcessor to IntegrationTemplateProcessor --------- Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
2025-06-30 15:42:48 -05:00 · 2025-04-23 10:44:43 -04:00
parent 722fae81b3
commit 90d831d9ef
35 changed files with 2880 additions and 57 deletions
--- a/src/Api/AdminConsole/Controllers/OrganizationIntegrationConfigurationController.cs
+++ b/src/Api/AdminConsole/Controllers/OrganizationIntegrationConfigurationController.cs
@ -0,0 +1,103 @@
+using Bit.Api.AdminConsole.Models.Request.Organizations;
+using Bit.Api.AdminConsole.Models.Response.Organizations;
+using Bit.Core.Context;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Bit.Api.AdminConsole.Controllers;
+
+[Route("organizations/{organizationId:guid}/integrations/{integrationId:guid}/configurations")]
+[Authorize("Application")]
+public class OrganizationIntegrationConfigurationController(
+    ICurrentContext currentContext,
+    IOrganizationIntegrationRepository integrationRepository,
+    IOrganizationIntegrationConfigurationRepository integrationConfigurationRepository) : Controller
+{
+    [HttpPost("")]
+    public async Task<OrganizationIntegrationConfigurationResponseModel> CreateAsync(
+        Guid organizationId,
+        Guid integrationId,
+        [FromBody] OrganizationIntegrationConfigurationRequestModel model)
+    {
+        if (!await HasPermission(organizationId))
+        {
+            throw new NotFoundException();
+        }
+        var integration = await integrationRepository.GetByIdAsync(integrationId);
+        if (integration == null || integration.OrganizationId != organizationId)
+        {
+            throw new NotFoundException();
+        }
+        if (!model.IsValidForType(integration.Type))
+        {
+            throw new BadRequestException($"Invalid Configuration and/or Template for integration type {integration.Type}");
+        }
+
+        var organizationIntegrationConfiguration = model.ToOrganizationIntegrationConfiguration(integrationId);
+        var configuration = await integrationConfigurationRepository.CreateAsync(organizationIntegrationConfiguration);
+        return new OrganizationIntegrationConfigurationResponseModel(configuration);
+    }
+
+    [HttpPut("{configurationId:guid}")]
+    public async Task<OrganizationIntegrationConfigurationResponseModel> UpdateAsync(
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        [FromBody] OrganizationIntegrationConfigurationRequestModel model)
+    {
+        if (!await HasPermission(organizationId))
+        {
+            throw new NotFoundException();
+        }
+        var integration = await integrationRepository.GetByIdAsync(integrationId);
+        if (integration == null || integration.OrganizationId != organizationId)
+        {
+            throw new NotFoundException();
+        }
+        if (!model.IsValidForType(integration.Type))
+        {
+            throw new BadRequestException($"Invalid Configuration and/or Template for integration type {integration.Type}");
+        }
+
+        var configuration = await integrationConfigurationRepository.GetByIdAsync(configurationId);
+        if (configuration is null || configuration.OrganizationIntegrationId != integrationId)
+        {
+            throw new NotFoundException();
+        }
+
+        var newConfiguration = model.ToOrganizationIntegrationConfiguration(configuration);
+        await integrationConfigurationRepository.ReplaceAsync(newConfiguration);
+
+        return new OrganizationIntegrationConfigurationResponseModel(newConfiguration);
+    }
+
+    [HttpDelete("{configurationId:guid}")]
+    [HttpPost("{configurationId:guid}/delete")]
+    public async Task DeleteAsync(Guid organizationId, Guid integrationId, Guid configurationId)
+    {
+        if (!await HasPermission(organizationId))
+        {
+            throw new NotFoundException();
+        }
+        var integration = await integrationRepository.GetByIdAsync(integrationId);
+        if (integration == null || integration.OrganizationId != organizationId)
+        {
+            throw new NotFoundException();
+        }
+
+        var configuration = await integrationConfigurationRepository.GetByIdAsync(configurationId);
+        if (configuration is null || configuration.OrganizationIntegrationId != integrationId)
+        {
+            throw new NotFoundException();
+        }
+
+        await integrationConfigurationRepository.DeleteAsync(configuration);
+    }
+
+    private async Task<bool> HasPermission(Guid organizationId)
+    {
+        return await currentContext.OrganizationOwner(organizationId);
+    }
+}
--- a/src/Api/AdminConsole/Controllers/OrganizationIntegrationController.cs
+++ b/src/Api/AdminConsole/Controllers/OrganizationIntegrationController.cs
@ -0,0 +1,71 @@
+using Bit.Api.AdminConsole.Models.Request.Organizations;
+using Bit.Api.AdminConsole.Models.Response.Organizations;
+using Bit.Core.Context;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+
+#nullable enable
+
+namespace Bit.Api.AdminConsole.Controllers;
+
+[Route("organizations/{organizationId:guid}/integrations")]
+[Authorize("Application")]
+public class OrganizationIntegrationController(
+    ICurrentContext currentContext,
+    IOrganizationIntegrationRepository integrationRepository) : Controller
+{
+    [HttpPost("")]
+    public async Task<OrganizationIntegrationResponseModel> CreateAsync(Guid organizationId, [FromBody] OrganizationIntegrationRequestModel model)
+    {
+        if (!await HasPermission(organizationId))
+        {
+            throw new NotFoundException();
+        }
+
+        var integration = await integrationRepository.CreateAsync(model.ToOrganizationIntegration(organizationId));
+        return new OrganizationIntegrationResponseModel(integration);
+    }
+
+    [HttpPut("{integrationId:guid}")]
+    public async Task<OrganizationIntegrationResponseModel> UpdateAsync(Guid organizationId, Guid integrationId, [FromBody] OrganizationIntegrationRequestModel model)
+    {
+        if (!await HasPermission(organizationId))
+        {
+            throw new NotFoundException();
+        }
+
+        var integration = await integrationRepository.GetByIdAsync(integrationId);
+        if (integration is null || integration.OrganizationId != organizationId)
+        {
+            throw new NotFoundException();
+        }
+
+        await integrationRepository.ReplaceAsync(model.ToOrganizationIntegration(integration));
+        return new OrganizationIntegrationResponseModel(integration);
+    }
+
+    [HttpDelete("{integrationId:guid}")]
+    [HttpPost("{integrationId:guid}/delete")]
+    public async Task DeleteAsync(Guid organizationId, Guid integrationId)
+    {
+        if (!await HasPermission(organizationId))
+        {
+            throw new NotFoundException();
+        }
+
+        var integration = await integrationRepository.GetByIdAsync(integrationId);
+        if (integration is null || integration.OrganizationId != organizationId)
+        {
+            throw new NotFoundException();
+        }
+
+        await integrationRepository.DeleteAsync(integration);
+    }
+
+    private async Task<bool> HasPermission(Guid organizationId)
+    {
+        return await currentContext.OrganizationOwner(organizationId);
+    }
+}
--- a/src/Api/AdminConsole/Controllers/SlackIntegrationController.cs
+++ b/src/Api/AdminConsole/Controllers/SlackIntegrationController.cs
@ -0,0 +1,77 @@
+using System.Text.Json;
+using Bit.Api.AdminConsole.Models.Response.Organizations;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.Context;
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
+using Bit.Core.Models.Data.Integrations;
+using Bit.Core.Repositories;
+using Bit.Core.Services;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Bit.Api.AdminConsole.Controllers;
+
+[Route("organizations/{organizationId:guid}/integrations/slack")]
+[Authorize("Application")]
+public class SlackIntegrationController(
+    ICurrentContext currentContext,
+    IOrganizationIntegrationRepository integrationRepository,
+    ISlackService slackService) : Controller
+{
+    [HttpGet("redirect")]
+    public async Task<IActionResult> RedirectAsync(Guid organizationId)
+    {
+        if (!await currentContext.OrganizationOwner(organizationId))
+        {
+            throw new NotFoundException();
+        }
+        string callbackUrl = Url.RouteUrl(
+            nameof(CreateAsync),
+            new { organizationId },
+            currentContext.HttpContext.Request.Scheme);
+        var redirectUrl = slackService.GetRedirectUrl(callbackUrl);
+
+        if (string.IsNullOrEmpty(redirectUrl))
+        {
+            throw new NotFoundException();
+        }
+
+        return Redirect(redirectUrl);
+    }
+
+    [HttpGet("create", Name = nameof(CreateAsync))]
+    public async Task<IActionResult> CreateAsync(Guid organizationId, [FromQuery] string code)
+    {
+        if (!await currentContext.OrganizationOwner(organizationId))
+        {
+            throw new NotFoundException();
+        }
+
+        if (string.IsNullOrEmpty(code))
+        {
+            throw new BadRequestException("Missing code from Slack.");
+        }
+
+        string callbackUrl = Url.RouteUrl(
+            nameof(CreateAsync),
+            new { organizationId },
+            currentContext.HttpContext.Request.Scheme);
+        var token = await slackService.ObtainTokenViaOAuth(code, callbackUrl);
+
+        if (string.IsNullOrEmpty(token))
+        {
+            throw new BadRequestException("Invalid response from Slack.");
+        }
+
+        var integration = await integrationRepository.CreateAsync(new OrganizationIntegration
+        {
+            OrganizationId = organizationId,
+            Type = IntegrationType.Slack,
+            Configuration = JsonSerializer.Serialize(new SlackIntegration(token)),
+        });
+        var location = $"/organizations/{organizationId}/integrations/{integration.Id}";
+
+        return Created(location, new OrganizationIntegrationResponseModel(integration));
+    }
+}
--- a/src/Api/AdminConsole/Models/Request/Organizations/OrganizationIntegrationConfigurationRequestModel.cs
+++ b/src/Api/AdminConsole/Models/Request/Organizations/OrganizationIntegrationConfigurationRequestModel.cs
@ -0,0 +1,73 @@
+using System.ComponentModel.DataAnnotations;
+using System.Text.Json;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Models.Data.Integrations;
+
+#nullable enable
+
+namespace Bit.Api.AdminConsole.Models.Request.Organizations;
+
+public class OrganizationIntegrationConfigurationRequestModel
+{
+    public string? Configuration { get; set; }
+
+    [Required]
+    public EventType EventType { get; set; }
+
+    public string? Template { get; set; }
+
+    public bool IsValidForType(IntegrationType integrationType)
+    {
+        switch (integrationType)
+        {
+            case IntegrationType.CloudBillingSync or IntegrationType.Scim:
+                return false;
+            case IntegrationType.Slack:
+                return !string.IsNullOrWhiteSpace(Template) && IsConfigurationValid<SlackIntegrationConfiguration>();
+            case IntegrationType.Webhook:
+                return !string.IsNullOrWhiteSpace(Template) && IsConfigurationValid<WebhookIntegrationConfiguration>();
+            default:
+                return false;
+
+        }
+    }
+
+    public OrganizationIntegrationConfiguration ToOrganizationIntegrationConfiguration(Guid organizationIntegrationId)
+    {
+        return new OrganizationIntegrationConfiguration()
+        {
+            OrganizationIntegrationId = organizationIntegrationId,
+            Configuration = Configuration,
+            EventType = EventType,
+            Template = Template
+        };
+    }
+
+    public OrganizationIntegrationConfiguration ToOrganizationIntegrationConfiguration(OrganizationIntegrationConfiguration currentConfiguration)
+    {
+        currentConfiguration.Configuration = Configuration;
+        currentConfiguration.EventType = EventType;
+        currentConfiguration.Template = Template;
+
+        return currentConfiguration;
+    }
+
+    private bool IsConfigurationValid<T>()
+    {
+        if (string.IsNullOrWhiteSpace(Configuration))
+        {
+            return false;
+        }
+
+        try
+        {
+            var config = JsonSerializer.Deserialize<T>(Configuration);
+            return config is not null;
+        }
+        catch
+        {
+            return false;
+        }
+    }
+}
--- a/src/Api/AdminConsole/Models/Request/Organizations/OrgnizationIntegrationRequestModel.cs
+++ b/src/Api/AdminConsole/Models/Request/Organizations/OrgnizationIntegrationRequestModel.cs
@ -0,0 +1,56 @@
+using System.ComponentModel.DataAnnotations;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.Enums;
+
+#nullable enable
+
+namespace Bit.Api.AdminConsole.Models.Request.Organizations;
+
+public class OrganizationIntegrationRequestModel : IValidatableObject
+{
+    public string? Configuration { get; set; }
+
+    public IntegrationType Type { get; set; }
+
+    public OrganizationIntegration ToOrganizationIntegration(Guid organizationId)
+    {
+        return new OrganizationIntegration()
+        {
+            OrganizationId = organizationId,
+            Configuration = Configuration,
+            Type = Type,
+        };
+    }
+
+    public OrganizationIntegration ToOrganizationIntegration(OrganizationIntegration currentIntegration)
+    {
+        currentIntegration.Configuration = Configuration;
+        return currentIntegration;
+    }
+
+    public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
+    {
+        switch (Type)
+        {
+            case IntegrationType.CloudBillingSync or IntegrationType.Scim:
+                yield return new ValidationResult($"{nameof(Type)} integrations are not yet supported.", new[] { nameof(Type) });
+                break;
+            case IntegrationType.Slack:
+                yield return new ValidationResult($"{nameof(Type)} integrations cannot be created directly.", new[] { nameof(Type) });
+                break;
+            case IntegrationType.Webhook:
+                if (Configuration is not null)
+                {
+                    yield return new ValidationResult(
+                        "Webhook integrations must not include configuration.",
+                        new[] { nameof(Configuration) });
+                }
+                break;
+            default:
+                yield return new ValidationResult(
+                    $"Integration type '{Type}' is not recognized.",
+                    new[] { nameof(Type) });
+                break;
+        }
+    }
+}
--- a/src/Api/AdminConsole/Models/Response/Organizations/OrganizationIntegrationConfigurationResponseModel.cs
+++ b/src/Api/AdminConsole/Models/Response/Organizations/OrganizationIntegrationConfigurationResponseModel.cs
@ -0,0 +1,28 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Models.Api;
+
+#nullable enable
+
+namespace Bit.Api.AdminConsole.Models.Response.Organizations;
+
+public class OrganizationIntegrationConfigurationResponseModel : ResponseModel
+{
+    public OrganizationIntegrationConfigurationResponseModel(OrganizationIntegrationConfiguration organizationIntegrationConfiguration, string obj = "organizationIntegrationConfiguration")
+        : base(obj)
+    {
+        ArgumentNullException.ThrowIfNull(organizationIntegrationConfiguration);
+
+        Id = organizationIntegrationConfiguration.Id;
+        Configuration = organizationIntegrationConfiguration.Configuration;
+        CreationDate = organizationIntegrationConfiguration.CreationDate;
+        EventType = organizationIntegrationConfiguration.EventType;
+        Template = organizationIntegrationConfiguration.Template;
+    }
+
+    public Guid Id { get; set; }
+    public string? Configuration { get; set; }
+    public DateTime CreationDate { get; set; }
+    public EventType EventType { get; set; }
+    public string? Template { get; set; }
+}
--- a/src/Api/AdminConsole/Models/Response/Organizations/OrganizationIntegrationResponseModel.cs
+++ b/src/Api/AdminConsole/Models/Response/Organizations/OrganizationIntegrationResponseModel.cs
@ -0,0 +1,22 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Models.Api;
+
+#nullable enable
+
+namespace Bit.Api.AdminConsole.Models.Response.Organizations;
+
+public class OrganizationIntegrationResponseModel : ResponseModel
+{
+    public OrganizationIntegrationResponseModel(OrganizationIntegration organizationIntegration, string obj = "organizationIntegration")
+        : base(obj)
+    {
+        ArgumentNullException.ThrowIfNull(organizationIntegration);
+
+        Id = organizationIntegration.Id;
+        Type = organizationIntegration.Type;
+    }
+
+    public Guid Id { get; set; }
+    public IntegrationType Type { get; set; }
+}
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@ -27,8 +27,10 @@ using Bit.Core.OrganizationFeatures.OrganizationSubscriptions;
 using Bit.Core.Tools.Entities;
 using Bit.Core.Vault.Entities;
 using Bit.Api.Auth.Models.Request.WebAuthn;
+using Bit.Core.AdminConsole.Services.NoopImplementations;
 using Bit.Core.Auth.Models.Data;
 using Bit.Core.Auth.Identity.TokenProviders;
+using Bit.Core.Services;
 using Bit.Core.Tools.ImportFeatures;
 using Bit.Core.Tools.ReportFeatures;
 using Bit.Core.Auth.Models.Api.Request;
@ -215,6 +217,19 @@ public class Startup
        {
            services.AddHostedService<Core.HostedServices.ApplicationCacheHostedService>();
        }
+
+        // Slack
+        if (CoreHelpers.SettingHasValue(globalSettings.Slack.ClientId) &&
+            CoreHelpers.SettingHasValue(globalSettings.Slack.ClientSecret) &&
+            CoreHelpers.SettingHasValue(globalSettings.Slack.Scopes))
+        {
+            services.AddHttpClient(SlackService.HttpClientName);
+            services.AddSingleton<ISlackService, SlackService>();
+        }
+        else
+        {
+            services.AddSingleton<ISlackService, NoopSlackService>();
+        }
    }

    public void Configure(